package io.micronaut.http.client.jdk;

import io.micronaut.context.annotation.BootstrapContextCompatible;
import io.micronaut.core.annotation.Internal;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.core.io.ResourceResolver;
import io.micronaut.http.HttpVersion;
import io.micronaut.http.client.HttpVersionSelection;
import io.micronaut.http.ssl.ClientSslConfiguration;
import io.micronaut.http.ssl.SslBuilder;
import io.micronaut.http.ssl.SslConfiguration;
import io.micronaut.http.ssl.SslConfigurationException;
import jakarta.inject.Singleton;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Internal
@BootstrapContextCompatible
/* loaded from: input_file:io/micronaut/http/client/jdk/JdkClientSslBuilder.class */
public final class JdkClientSslBuilder extends SslBuilder<SSLContext> {
    private static final Logger LOG = LoggerFactory.getLogger(JdkClientSslBuilder.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/micronaut/http/client/jdk/JdkClientSslBuilder$TrustAllTrustManager.class */
    public static class TrustAllTrustManager implements X509TrustManager {
        private TrustAllTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    public JdkClientSslBuilder(ResourceResolver resourceResolver) {
        super(resourceResolver);
    }

    public Optional<SSLContext> build(SslConfiguration sslConfiguration) {
        return build(sslConfiguration, HttpVersion.HTTP_1_1);
    }

    public Optional<SSLContext> build(SslConfiguration sslConfiguration, HttpVersion httpVersion) {
        return Optional.ofNullable(build(sslConfiguration, HttpVersionSelection.forLegacyVersion(httpVersion)));
    }

    @Nullable
    public SSLContext build(SslConfiguration sslConfiguration, HttpVersionSelection httpVersionSelection) {
        if (!sslConfiguration.isEnabled()) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = getTrustManagerFactory(sslConfiguration);
        KeyManagerFactory keyManagerFactory = getKeyManagerFactory(sslConfiguration);
        try {
            SSLContext sSLContext = SSLContext.getInstance((String) sslConfiguration.getProtocol().orElse("TLS"));
            if (trustManagerFactory == null) {
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            }
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if ((sslConfiguration instanceof ClientSslConfiguration) && ((ClientSslConfiguration) sslConfiguration).isInsecureTrustAllCertificates()) {
                if (LOG.isWarnEnabled()) {
                    LOG.warn("Trust all certificates is enabled. This is insecure and should not be used in production");
                }
                trustManagers = new TrustManager[]{new TrustAllTrustManager()};
            }
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagers, null);
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new SslConfigurationException("Error initializing SSL context: " + e.getMessage(), e);
        }
    }
}
